安装MetalLB便于外部访问
官方地址:https://metallb.universe.tf/installation/
下载namespace文件: https://raw.githubusercontent.com/metallb/metallb/v0.10.3/manifests/namespace.yaml
下载metallb文件:https://raw.githubusercontent.com/metallb/metallb/v0.10.3/manifests/metallb.yaml
本次采用先用 docker pull 拉取镜像、再导入本地 containerd 的方式;也可以为 containerd 配置镜像仓库地址,配置方法见:https://github.com/containerd/containerd/blob/main/docs/cri/registry.md
根据 metallb.yaml 文件可以查到需要以下两个镜像:
quay.io/metallb/speaker:v0.10.3
quay.io/metallb/controller:v0.10.3
[root@kube-master1 ~]# kubectl edit configmap -n kube-system kube-proxy ### 编辑 kube-proxy 的 configmap,修改以下两个字段(mode 与 ipvs 下的 strictARP);kube-proxy 使用 ipvs 模式时,MetalLB 要求开启 strictARP。注意修改后需要删除原来的 kube-proxy pod,等新的 pod 起来后配置才会生效。
mode: ipvs
ipvs:
strictARP: true
[root@kube-master1 MetalLB]# kubectl -n kube-system logs kube-proxy-bq52n |grep Using ### 重新加载的kube-proxy pod日志会显示Using ipvs Proxier
I1012 10:51:16.944852 1 server_others.go:274] Using ipvs Proxier.
[root@kube-master1 MetalLB]# ip a |grep kube-ipvs0 ### 用 ip a 查看,会发现多了一块 kube-ipvs0 网卡。
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
inet 10.10.0.10/32 scope global kube-ipvs0
inet 10.10.0.1/32 scope global kube-ipvs0
[root@kube-master1 MetalLB]# ls
controllerv0.10.3.tar metallb.yaml namespace.yaml speakerv0.10.3.tar
[root@kube-master1 MetalLB]# ctr -n k8s.io image import controllerv0.10.3.tar ###导入controllerv0.10.3.tar镜像
unpacking quay.io/metallb/controller:v0.10.3 (sha256:aa49113202b32a9fc4670a36520232cc8b17e2a04dd518bc174dab7298ce068f)...done
[root@kube-master1 MetalLB]# ctr -n k8s.io image import speakerv0.10.3.tar ###导入speakerv0.10.3.tar镜像
unpacking quay.io/metallb/speaker:v0.10.3 (sha256:b47c218f0725256fd6fce8d92824b399f323c0ea77513cef8de67de249bae03e)...done
[root@kube-master1 MetalLB]# for i in {2..5};do scp controllerv0.10.3.tar 192.168.1.2$i:/root/;done ###controllerv0.10.3.tar镜像上传至其他节点
controllerv0.10.3.tar 100% 44MB 39.2MB/s 00:01
controllerv0.10.3.tar 100% 44MB 14.0MB/s 00:03
controllerv0.10.3.tar 100% 44MB 20.0MB/s 00:02
controllerv0.10.3.tar 100% 44MB 16.9MB/s 00:02
[root@kube-master1 MetalLB]# for i in {2..5};do scp speakerv0.10.3.tar 192.168.1.2$i:/root/;done ###speakerv0.10.3.tar镜像上传至其他节点
speakerv0.10.3.tar 100% 48MB 24.0MB/s 00:01
speakerv0.10.3.tar 100% 48MB 17.8MB/s 00:02
speakerv0.10.3.tar 100% 48MB 20.4MB/s 00:02
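[root@kube-master1 MetalLB]# for i in {2..5};do ssh 192.168.1.2$i ctr -n k8s.io image import controllerv0.10.3.tar ;done ### 在其他节点把 controllerv0.10.3.tar 镜像导入 containerd。注意:下面输出的 sha256 与 kube-master1 上导入同名 tar 包时显示的不一致(speaker 镜像同样如此),原因从输出中无法确定;建议导入前在各节点用 sha256sum 核对 tar 包是否与源文件一致。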
unpacking quay.io/metallb/controller:v0.10.3 (sha256:da97c48a7b5b585316d778f4afaa99abf361a176e00314d49bb4c5c5c68ed2aa)...done
unpacking quay.io/metallb/controller:v0.10.3 (sha256:da97c48a7b5b585316d778f4afaa99abf361a176e00314d49bb4c5c5c68ed2aa)...done
[root@kube-master1 MetalLB]# for i in {2..5};do ssh 192.168.1.2$i ctr -n k8s.io image import speakerv0.10.3.tar ;done ###speakerv0.10.3.tar镜像导入其他节点containerd
unpacking quay.io/metallb/speaker:v0.10.3 (sha256:a4c921741b2f8d6b794885a0bcf1e4e5abf174074b0fe84f9228b622a3e89057)...done
unpacking quay.io/metallb/speaker:v0.10.3 (sha256:a4c921741b2f8d6b794885a0bcf1e4e5abf174074b0fe84f9228b622a3e89057)...done
[root@kube-master1 MetalLB]# kubectl create -f namespace.yaml ### 创建namespace
namespace/metallb-system created
[root@kube-master1 MetalLB]# kubectl create -f metallb.yaml ### 创建metallb
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
role.rbac.authorization.k8s.io/controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
rolebinding.rbac.authorization.k8s.io/controller created
daemonset.apps/speaker created
deployment.apps/controller created
[root@kube-master1 MetalLB]# kubectl get pod -n metallb-system -o wide ###查看pod状态
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
controller-77c44876d-gd5gn 1/1 Running 0 9m42s 10.88.0.2 kube-node2 <none> <none>
speaker-6mtcp 1/1 Running 0 9m43s 192.168.8.10 kube-master1 <none> <none>
speaker-b9bzh 1/1 Running 0 9m44s 192.168.8.14 kube-node2 <none> <none>
speaker-np8cq 1/1 Running 0 9m43s 192.168.8.11 kube-master2 <none> <none>
speaker-vjxj8 1/1 Running 0 9m43s 192.168.8.13 kube-node1 <none> <none>
speaker-zkr9t 1/1 Running 0 9m43s 192.168.8.12 kube-master3 <none> <none>
[root@kube-master1 MetalLB]# vim configmap.yaml ### 创建configmap配置,内容如下:
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.1.180-192.168.1.195 ### 地址池需与节点物理网卡处于同一网段才能被外部访问;并且应选用未被 DHCP 或其他主机占用的地址段,避免 IP 冲突;
[root@kube-master1 MetalLB]# kubectl create -f configmap.yaml ### 创建metallb configmap
configmap/config created
[root@kube-master1 MetalLB]# kubectl apply -f test-deployment-nginx.yaml ### 测试文件 test-deployment-nginx.yaml 的内容如下(需先创建该文件;实际创建资源的输出见后文)
apiVersion: v1
kind: Namespace
metadata:
  name: app
---
apiVersion: v1
kind: Service
metadata:
  name: metallb-service
  namespace: app
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-metallb
  namespace: app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: daocloud.io/library/nginx:1.9.1 ### 这里需要提前在各节点导入 nginx 镜像,或者已自行配置镜像仓库;nginx 1.9.1 版本较旧,仅适合用于本次连通性测试
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
[root@kube-master1 MetalLB]# kubectl apply -f test-deployment-nginx.yaml ### 创建测试资源对象
namespace/app created
service/metallb-service created
deployment.apps/test-metallb created
[root@kube-master1 MetalLB]# kubectl get all -n app ### 查看刚才创建的命名空间下的资源是否创建成功,这里可以看到service EXTERNAL-IP 字段已经分配了IP
NAME READY STATUS RESTARTS AGE
pod/test-metallb-579cf9c4c6-82prw 1/1 Running 0 2m24s
pod/test-metallb-579cf9c4c6-wwd6m 1/1 Running 0 2m24s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/metallb-service LoadBalancer 10.10.57.3 192.168.1.180 80:30294/TCP 2m24s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/test-metallb 2/2 2 2 2m24s
NAME DESIRED CURRENT READY AGE
replicaset.apps/test-metallb-579cf9c4c6 2 2 2 2m24s
[root@kube-master1 MetalLB]# ip a |grep kube-ipvs0 ### 可以在每台节点上用 ip a 命令查看,刚才分配的 IP 在每个节点的 kube-ipvs0 上都存在。
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
inet 10.10.0.10/32 scope global kube-ipvs0
inet 10.10.0.1/32 scope global kube-ipvs0
inet 10.10.57.3/32 scope global kube-ipvs0
inet 192.168.1.180/32 scope global kube-ipvs0
接下来就可以打开浏览器测试啦!!!